CVE-2024-36624

Name of the Vulnerable Software and Affected Versions Zulip version 8.3

Description The issue is related to Cross Site Scripting (XSS) via the construct copy div function in copy and paste.js. This allows for potential malicious script execution.

Recommendations For Zulip version 8.3, consider disabling the construct copy div function in copy and paste.js as a temporary workaround until a patch is available. Restrict access to the copy and paste.js module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.